Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //

Compliance

Greater Focus on Privacy Pays Off for Firms

Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco's annual survey.

Companies that invest in privacy see an average return of 270% on their investments, with seven out of 10 companies seeing significant benefits from their privacy expenditures, according to an annual survey published by Cisco today.

In addition, more mature companies — as measured by a five-point accountability score — saw greater returns on their privacy investments, with high-scoring companies seeing an average benefit of 3.1 times return, compared to low-scoring companies, which saw an average benefit of 2.3 times return, according to the "Cisco Data Privacy Benchmark Study 2020." The report, based on a survey of 2,500 security professionals familiar with their companies' privacy practices, underscores that privacy programs are no longer just about avoiding fines but about building trust with customers, says Robert Waitman, director of privacy insights and innovation at Cisco.

"Privacy is not just about being minimally compliant with the laws, which have been changing and becoming more comprehensive. We are seeing other business value from our privacy investments," he says. "Companies that made privacy investments saw fewer breaches, less costly ones, and less down time. That's not a coincidence."

Privacy and data security has grown to become an enormous issue for companies. The European Union's General Data Protection Regulation (GDPR) has cost companies significantly: British Airways faces a £183 million (US$240 million) fine for website flaws that led to the harvesting of information on a half-million customers. Hotel chain Marriot also faces a significant fine — £99 million (US$130 million) — for a breach that affected 500 million guests of subsidiary Starwood Hotels

Overall, 82% of companies had a breach in the past year, according to the survey.

Yet businesses are just beginning to see mature privacy practices as a competitive advantage, Waitman says.

"Companies who may be taking the minimalistic approach, who are looking to just avoid fines from GDPR or other private actions and legislation — that is not the right approach," Waitman says. "This is about enabling and building trust and loyalty with your customers to provide the business value that comes from having your privacy act together.

Cisco published the survey the day before World Privacy Day, Jan. 28, a decade-old holiday that focuses on promoting privacy and raising awareness of the issues around storing people's data. The survey found that the largest benefits accrue to companies in the UK, with a 3.5 times return, and Brazil and Mexico, both with a 3.3 times return. Companies in India benefit the least but still estimated that the average return for their firms were 1.9 times.

Interestingly, the relative benefit from privacy investment does not change for small companies as compared to large companies. Small firms may have less need for comprehensive privacy programs, but they also tend to spend much less than larger companies.

"Small companies spend a little, get a little, and large companies spend a lot, get a lot," Waitman says. "The ratio is kind of similar."

The company found that large enterprises with 10,000 or more employees spent $1.9 million on privacy, and small companies of less than 500 employees spent $800,000, on average. More than 40% of businesses see benefits of more than double the amount spend on privacy efforts, according to the study.

The study's findings extend Cisco's 2019 privacy report, which found GDPR-ready firms had fewer data breaches. Firms prepared for the EU privacy regulations exposed an average of 79,000 files during a breach, compared to 212,000 files for companies not compliant with GDPR.

The reports are based on survey responses and security professionals' estimates of the benefits of privacy programs.

In the end, companies still need to focus on serving their customers need rather than collecting data indiscriminately, Cisco's Waitman says.

"Legislation has provided power back to the people in terms of controlling their data, to some extent," he says. "The No. 1 complaint of consumers right now is that they do not know what is going on with how their data is being used by the people they share it with."

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "7 Steps to IoT Security in 2020."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jim.raykowski
50%
50%
jim.raykowski,
User Rank: Apprentice
1/28/2020 | 3:33:00 PM
Scale
 What about companies with 10, 15, 25, 50, or so employees? Its a great read for big companies how do we scale this down to smaller business? 

Thanks

Jim
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31922
PUBLISHED: 2021-05-14
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
CVE-2021-32051
PUBLISHED: 2021-05-14
Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.
CVE-2021-32615
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
CVE-2021-33026
PUBLISHED: 2021-05-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the ca...
CVE-2021-31876
PUBLISHED: 2021-05-13
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with ...